rogue

"I have managed to record the way you masturbate..." The confronting email that landed in my inbox.

A stranger on the internet sent me an email.

The subject line read: "I have full control of your device". 

They began by explaining they had some "bad news" to share with me. Apparently, they'd been tracking my internet activity.

This person said they had installed something called Trojan virus onto all of my devices.

"This software provides me with access to all... of your devices (eg. your microphone, video camera and keyboard)."

I read on.

"While gathering information about you, I have discovered that you are a big fan of adult websites.

"You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure. Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms.

"If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives.

"I have also no issue at all to make them available for public access.

"I guess, you really don't want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you."

This stranger had an offer, though.

"You transfer $1500 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away."

There were then a list of rules. 

Don't tell the police. Don't tell any of my friends. If I did, this person said they would share the video to "the public right away". 

The first thing I did was copy and paste parts of the email into Google. 

It was, as I suspected, a scam. 

There was an alert posted from Brown University in the US. 

They first saw this email (word for word) sent to recipients in 2018, and since there have been several iterations of it. The sender always claims to have sexually explicit material, and always demands payment in bitcoin. 

ADVERTISEMENT

Bitcoin is of course an untraceable form of cryptocurrency, meaning that once paid, there is no way of retrieving funds. Authorities would not be able to locate the bank account if the scam was ever reported. 

Referred to as "malware sextortion", the advice is to mark the email as 'phishing' as to alert Google. You can do this by opening the message, clicking on the three dots to the far right of the "reply" button and selecting "report phishing". 

How to report phishing.  

It was my first instinct that this was likely a scam and it never crossed my mind to transfer the money. 

I can entirely understand, however, that for others this email would be genuinely terrifying. There are people in my own life who aren't digital natives, who might see the threat as so shameful that they would immediately transfer the funds. 

There are even some versions of this email that include evidence they have your password. But, according to experts, they've probably hacked your information from another website which required a login, and it's just a coincidence that it's the same as your email password. 

Either way, don't panic. If you don't transfer the money, nothing will happen. But for too many Australians, it's too late for that advice. 

ADVERTISEMENT

During the height of the COVID-19 pandemic, the Australian Competition and Consumer Commission (ACCC) Scamwatch found that Australians lost more than $176 million to scams. That's up 23 per cent from the year before. 

The most prominent were fake investment schemes, dating and romance scams and false bill scams. 

According to Scamwatch, here's what you should do if you find yourself on the receiving end of a scam. 

  • Report the scam to the ACCC via the Report a scam webpage.
  • Report the scam to relevant authorities, which can be found here
  • If you've shared your bank details with a scammer, contact your financial institution as quickly as possible. They may be able to stop the transaction, or close your account. 
  • Change your passwords often, and ensure you don't have the same password for all your accounts.
  • Do not open suspicious texts, pop-up windows or click on links or attachments in emails. Instead, delete them.
  • Warn friends, family and colleagues. 

I did have one more question though...

Is it possible for someone to access my webcam remotely? 

The answer, simply, is yes. 

It's called camfecting (camera + infecting) and it happens when a hacker infects your computer with a specific virus, which grants them access to your webcam. 

Signs that someone has hacked your webcam include:

  • The light on your webcam turning on at strange times.
  • There are video files stored on your computer that you don't recognise.
  • There are suspicious apps installed on your computer.

What you can do is run a virus scan on your computer to see if there is anything unusual. The other thing cyber experts recommend you do, is cover your webcam. 

Interestingly, Facebook's Mark Zuckerberg and Former Director of the FBI James Comey, both cover their webcam when it's not in use. 

I might start taking their lead on that one. 

Here is the full transcript of the email I received:

"Greetings!

I have to share bad news with you.

Approximately few months ago I have gained access to your devices, which you use for internet browsing.

After that, I have started tracking your internet activities.

Here is the sequence of events:

Some time ago I have purchased access to email accounts from hackers (nowadays, it is quite simple to purchase such thing online).

Obviously, I have easily managed to log in to your email account [contained my email address]. 

One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email.

In fact, it was not really hard at all (since you were following the links from your inbox emails).

ADVERTISEMENT

All ingenious is simple. =)

This software provides me with access to all the controllers of your devices (e.g., your microphone, video camera and keyboard).

I have downloaded all your information, data, photos, web browsing history to my servers.

I have access to all your messengers, social networks, emails, chat history and contacts list.

My virus continuously refreshes the signatures (it is driver- based), and hence remains invisible for antivirus software.

Likewise, I guess by now you understand why I have stayed undetected until this letter...

While gathering information about you, I have discovered that you are a big fan of adult websites.

You really love visiting porn websites and watching exciting videos, while enduring an enormous amount of pleasure.

Well, I have managed to record a number of your dirty scenes and montaged a few videos, which show the way you masturbate and reach orgasms.

If you have doubts, I can make a few clicks of my mouse and all your videos will be shared to your friends, colleagues and relatives.

I have also no issue at all to make them available for public access.

I guess, you really don't want that to happen, considering the specificity of the videos you like to watch, (you perfectly know what I mean) it will cause a true catastrophe for you.

Let's settle it this way:

You transfer $1500 USD to me (in bitcoin equivalent according to the exchange rate at the moment of funds transfer), and once the transfer is received, I will delete all this dirty stuff right away.

After that we will forget about each other. I also promise to deactivate and delete all the harmful software from your devices.

Trust me, I keep my word.

This is a fair deal and the price is quite low, considering that I have been checking out your profile and traffic for some time by now.

In case, if you don't know how to purchase and transfer the bitcoins - you can use any modern search engine.

ADVERTISEMENT

Here is my bitcoin wallet: 1NyCowey2g1k3XJkov9vept4DC9hFJ6Nv6

You have less than 48 hours from the moment you opened this email (precisely 2 days).

Things you need to avoid from doing:

*Do not reply me (I have created this email inside your inbox and generated the return address).

*Do not try to contact police and other security services. In addition, forget about telling this to you friends. If I discover

that (as you can see, it is really not so hard, considering that I control all your systems) - your video will be shared to public right away.

*Don't try to find me - it is absolutely pointless. All the cryptocurrency transactions are anonymous.

*Don't try to reinstall the OS on your devices or throw them away. It is pointless as well, since all the videos have already been saved at remote servers.

Things you don't need to worry about:

*That I won't be able to receive your funds transfer.

- Don't worry, I will see it right away, once you complete the transfer, since I continuously track all your activities (my trojan virus has got a remote-control feature, something like TeamViewer).

*That I will share your videos anyway after you complete the funds transfer.

- Trust me, I have no point to continue creating troubles in your life. If I really wanted that, I would do it long time ago!

Everything will be done in a fair manner!

One more thing... Don't get caught in similar kind of situations anymore in future!

My advice - keep changing all your passwords on a frequent basis."

So if you receive something similar - don't transfer the funds. 

But it's always a good idea to do whatever you can to protect your accounts, and your devices. 

Do you want to know how to keep kids safe online? Introducing the Safe on Social Toolkit: the digital ‘survival kit’ of everything parents and teachers need to know to keep kids safe on social media right now. Get the toolkit now at www.safeonsocialtoolkit.com.